Closed Bug 1325189 Opened 9 years ago Closed 9 years ago

[CID 1221158] Missing OOM check in stagefright::MetaData::setData

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla53

Tracking Flags:

Tracking

Status

firefox53

---

fixed

People

(Reporter: mozbugz, Assigned: JamesCheng)

Details

(Whiteboard: CID 1221158)

Attachments

(1 file)

Bug 1325189 - [CID 1221158] Assertion when OOM instead of indexing array with negative value. 9 years ago James Cheng[:JamesCheng] 59 bytes, text/x-review-board-request	mozbugz : review+	Details

Gerald Squelart (he/him) (not at Mozilla since 2022-09-15)

Reporter

Description

•

9 years ago

Found by Coverity, CID 1221158. In stagefright::MetaData::setData(): After `ssize_t i = ... mItems.add(key, item);`, i could now be negative in case of OOM when trying to add the key. But anyway, going down the rabbit hole, the actual place where memory is (re)allocated in VectorImpl::_grow() is followed by an assert, so in case of OOM the program will crash before anything can be done with the finally-returned negative value! For safety's sake, we should probably add a check in setData anyway, and if time permit see if there is a better way to deal with OOMs in the storage.

Comment hidden (mozreview-request)

James Cheng[:JamesCheng]

Assignee

Updated

•

9 years ago

Attachment #8821026 - Flags: review?(gsquelart)

Gerald Squelart (he/him) (not at Mozilla since 2022-09-15)

Reporter

Updated

•

9 years ago

Assignee: gsquelart → jacheng

Gerald Squelart (he/him) (not at Mozilla since 2022-09-15)

Reporter

Comment 2

•

9 years ago

mozreview-review

Comment on attachment 8821026 [details] Bug 1325189 - [CID 1221158] Assertion when OOM instead of indexing array with negative value. https://reviewboard.mozilla.org/r/100398/#review100998 Thank you for handling this one. r+ with nits: ::: media/libstagefright/frameworks/av/media/libstagefright/MetaData.cpp:197 (Diff revision 1) > i = mItems.add(key, item); > Remove these redundant lines. ::: media/libstagefright/frameworks/av/media/libstagefright/MetaData.cpp:199 (Diff revision 1) > + // TODO: "i" will be negtive value when OOM, > + // we should consider to handle this case instead of assertion. 'negtive' -> 'negative' 'to handle' -> 'handling' 'assertion' -> 'asserting'

Attachment #8821026 - Flags: review?(gsquelart) → review+

Comment hidden (mozreview-request)

James Cheng[:JamesCheng]

Assignee

Comment 4

•

9 years ago

Thank you for pointing out! Thanks.

Pulsebot

Comment 5

•

9 years ago

Pushed by jacheng@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e594cf0fda6d [CID 1221158] Assertion when OOM instead of indexing array with negative value. r=gerald

Anthony Jones (:ajones, :kentuckyfriedtakahe, :k17e)

Updated

•

9 years ago

Priority: -- → P1

Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)

Comment 6

•

9 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/e594cf0fda6d

Status: NEW → RESOLVED

Closed: 9 years ago

status-firefox53: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla53

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[CID 1221158] Missing OOM check in stagefright::MetaData::setData

Categories

(Core :: Audio/Video: Playback, defect, P1)

Tracking

()

People

(Reporter: mozbugz, Assigned: JamesCheng)

References

Details

(Whiteboard: CID 1221158)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Updated

Comment 2

Comment 3

Comment 4

Comment 5

Updated

Comment 6

Attachment

General

Description

File Name

Content Type